jpeg2000: Check component number in get_coc() and get_qcc()

Avoid overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Nicolas Bertrand <nicoinattendu@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2025-10-30 23:18:11 +02:00 · 2013-07-01 10:01:07 +02:00
parent 17e5d614a8
commit eae63e3c15
1 changed files with 16 additions and 1 deletions
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -362,6 +362,13 @@ static int get_coc(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c,

    compno = bytestream2_get_byteu(&s->g);

+    if (compno >= s->ncomponents) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Invalid compno %d. There are %d components in the image.\n",
+               compno, s->ncomponents);
+        return AVERROR_INVALIDDATA;
+    }
+
    c      += compno;
    c->csty = bytestream2_get_byteu(&s->g);
    get_cox(s, c);
@@ -440,7 +447,15 @@ static int get_qcc(Jpeg2000DecoderContext *s, int n, Jpeg2000QuantStyle *q,
    if (bytestream2_get_bytes_left(&s->g) < 1)
        return AVERROR_INVALIDDATA;

-    compno              = bytestream2_get_byteu(&s->g);
+    compno = bytestream2_get_byteu(&s->g);
+
+    if (compno >= s->ncomponents) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Invalid compno %d. There are %d components in the image.\n",
+               compno, s->ncomponents);
+        return AVERROR_INVALIDDATA;
+    }
+
    properties[compno] |= HAD_QCC;
    return get_qcx(s, n - 1, q + compno);
 }